#VU96859 Improper locking in Linux kernel - CVE-2024-44954

Vulnerability identifier: #VU96859

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44954

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the line6_data_received() function in sound/usb/line6/driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81
https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5
https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29
https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d
https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e
https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747
https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a
https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff60026f1

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.